# Impacto ```mermaid graph TB A["💥 Impacto (TA0040)<br/>Objetivo final do ataque"] --> B["🔒 Ransomware<br/>T1486 - Criptografia"] A --> C["🗑️ Destruição de Dados<br/>T1485 - Data Destruction"] A --> D["🌐 Defacement<br/>T1491 - Vandalismo web"] A --> E["📡 Negação de Serviço<br/>T1498/T1499 - DoS/DDoS"] A --> F["💰 Roubo Financeiro<br/>T1657 - Financial Theft"] A --> G["⚙️ Sabotagem<br/>T1489 - Service Stop"] A --> H["🖴 Wipe de Disco<br/>T1561 - Disk Wipe"] ``` > [!info] Visão Geral > A tática de Impacto representa o objetivo final de um ataque - as acoes destrutivas, disruptivas ou financeiramente motivadas que o atacante executa após ganhar acesso. Esta e a fase mais visivel e prejudicial de uma campanha, podendo resultar em perda de dados, interrupcao de servicos ou danos financeiros. > **Técnicas:** 33 técnicas nesta categoria, incluindo ransomware, wipe de disco, DoS e defacement. > **Destaque LATAM:** Ransomware e a técnica de impacto mais prevalente no Brasil, com grupos como **LockBit**, **BlackCat** e **Cl0p** causando prejuizos milionarios em setores financeiro, saúde e governo. > [!warning] Contexto Brasil/LATAM > O Brasil e o pais mais afetado por ransomware na América Latina, com ataques frequentes contra hospitais, prefeituras e empresas de manufatura. Grupos como **LockBit 3.0** e **Black Basta** tem historico documentado de operações contra alvos brasileiros, explorando especialmente a técnica **T1486** (Data Encrypted for Impact) combinada com dupla extorcao via **T1657** (Financial Theft). Defacements contra sites governamentais (**T1491**) sao frequentemente executados por grupos hacktivistas durante períodos de tensao politica. > **33 técnicas** · Ações destrutivas ou disruptivas no alvo - ransomware, wipe, sabotagem, defacement. %% ```dataview TABLE WITHOUT ID link(file.link, title) AS "Nome" FROM "ttp/techniques/impact" WHERE type = "technique" SORT title ASC ``` %% <!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Nota", title AS "Nome" FROM "ttp/techniques/impact" WHERE type = "technique" SORT title ASC --> <!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Nota", title AS "Nome" FROM "ttp/techniques/impact" WHERE type = "technique" SORT title ASC --> | Nota | Nome | | ------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------- | | [[t1485-data-destruction\|T1485 - Data Destruction]] | T1485 - Data Destruction | | [[t1485-001-lifecycle-triggered-deletion\|T1485.001 - Lifecycle-Triggered Deletion]] | T1485.001 - Lifecycle-Triggered Deletion | | [[t1486-data-encrypted-for-impact\|T1486 - Data Encrypted for Impact]] | T1486 - Data Encrypted for Impact | | [[t1489-service-stop\|T1489 - Service Stop]] | T1489 - Service Stop | | [[t1490-inhibit-system-recovery\|T1490 - Inhibit System Recovery]] | T1490 - Inhibit System Recovery | | [[t1491-defacement\|T1491 - Defacement]] | T1491 - Defacement | | [[t1491-001-internal-defacement\|T1491.001 - Internal Defacement]] | T1491.001 - Internal Defacement | | [[t1491-002-external-defacement\|T1491.002 - External Defacement]] | T1491.002 - External Defacement | | [[t1495-firmware-corruption\|T1495 - Firmware Corruption]] | T1495 - Firmware Corruption | | [[t1496-resource-hijacking\|T1496 - Resource Hijacking]] | T1496 - Resource Hijacking | | [[t1496-001-compute-hijacking\|T1496.001 - Compute Hijacking]] | T1496.001 - Compute Hijacking | | [[t1496-002-bandwidth-hijacking\|T1496.002 - Bandwidth Hijacking]] | T1496.002 - Bandwidth Hijacking | | [[t1496-003-sms-pumping\|T1496.003 - SMS Pumping]] | T1496.003 - SMS Pumping | | [[t1496-004-cloud-service-hijacking\|T1496.004 - Cloud Service Hijacking]] | T1496.004 - Cloud Service Hijacking | | [[t1498-network-denial-of-service\|T1498 - Network Denial of Service]] | T1498 - Network Denial of Service | | [[t1498-001-direct-network-flood\|T1498.001 - Direct Network Flood]] | T1498.001 - Direct Network Flood | | [[t1498-002-reflection-amplification\|T1498.002 - Reflection Amplification]] | T1498.002 - Reflection Amplification | | [[t1499-endpoint-denial-of-service\|T1499 - Endpoint Denial of Service]] | T1499 - Endpoint Denial of Service | | [[t1499-001-os-exhaustion-flood\|T1499.001 - OS Exhaustion Flood]] | T1499.001 - OS Exhaustion Flood | | [[t1499-002-service-exhaustion-flood\|T1499.002 - Service Exhaustion Flood]] | T1499.002 - Service Exhaustion Flood | | [[t1499-003-application-exhaustion-flood\|T1499.003 - Application Exhaustion Flood]] | T1499.003 - Application Exhaustion Flood | | [[t1499-004-application-or-system-exploitation\|T1499.004 - Application or System Exploitation]] | T1499.004 - Application or System Exploitation | | [[t1529-system-shutdownreboot\|T1529 - System Shutdown/Reboot]] | T1529 - System Shutdown/Reboot | | [[t1531-account-access-removal\|T1531 - Account Access Removal]] | T1531 - Account Access Removal | | [[t1561-disk-wipe\|T1561 - Disk Wipe]] | T1561 - Disk Wipe | | [[t1561-001-disk-content-wipe\|T1561.001 - Disk Wipe: Disk Content Wipe]] | T1561.001 - Disk Wipe: Disk Content Wipe | | [[t1561-002-disk-structure-wipe\|T1561.002 - Disk Structure Wipe]] | T1561.002 - Disk Structure Wipe | | [[t1565-data-manipulation\|T1565 - Data Manipulation]] | T1565 - Data Manipulation | | [[t1565-001-stored-data-manipulation\|T1565.001 - Stored Data Manipulation]] | T1565.001 - Stored Data Manipulation | | [[t1565-002-transmitted-data-manipulation\|T1565.002 - Transmitted Data Manipulation]] | T1565.002 - Transmitted Data Manipulation | | [[t1565-003-runtime-data-manipulation\|T1565.003 - Runtime Data Manipulation]] | T1565.003 - Runtime Data Manipulation | | [[t1582-sms-control\|T1582 - SMS Control]] | T1582 - SMS Control | | [[t1657-financial-theft\|T1657 - Financial Theft]] | T1657 - Financial Theft | | [[t1667-email-bombing\|T1667 - Email Bombing]] | T1667 - Email Bombing | <!-- SerializedQuery END --> --- **Navegação:** [[_techniques|Técnicas]] · [[_tactics|Táticas]] · [[_procedures|Procedimentos]]